package software.netcore.unimus.persistence.impl.querydsl;

import com.querydsl.core.types.Expression;
import com.querydsl.core.types.SubQueryExpression;
import com.querydsl.core.types.dsl.Expressions;
import com.querydsl.core.types.dsl.NumberPath;
import com.querydsl.core.types.dsl.PathBuilder;
import com.querydsl.jpa.JPQLQuery;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import javax.persistence.EntityManager;
import lombok.NonNull;
import net.unimus.common.lang.Identity;
import net.unimus.data.repository.RepositoryUtils;
import net.unimus.data.repository.SecurityQueryFactory;
import net.unimus.data.schema.backup.retention.BackupsRetention;
import net.unimus.data.schema.backup.retention.QBackupsRetention;
import net.unimus.data.schema.connector.QConnectorConfigGroupEntity;
import net.unimus.data.schema.credentials.QCliModeChangePasswordEntity;
import net.unimus.data.schema.credentials.QDeviceCredentialEntity;
import net.unimus.data.schema.credentials.QDeviceCredentialUsageEntity;
import net.unimus.data.schema.device.DeviceEntity;
import net.unimus.data.schema.device.QDeviceConnectionEntity;
import net.unimus.data.schema.device.QDeviceEntity;
import net.unimus.data.schema.job.HistoryJobsRetention;
import net.unimus.data.schema.job.QHistoryJobsRetention;
import net.unimus.data.schema.job.push.PushPresetEntity;
import net.unimus.data.schema.job.push.PushRetention;
import net.unimus.data.schema.job.push.QPushPresetEntity;
import net.unimus.data.schema.job.push.QPushRetention;
import net.unimus.data.schema.job.scan.QScanPresetEntity;
import net.unimus.data.schema.job.scan.ScanPresetEntity;
import net.unimus.data.schema.job.sync.preset.QSyncPresetEntity;
import net.unimus.data.schema.job.sync.preset.SyncPresetEntity;
import net.unimus.data.schema.tag.QTagEntity;
import net.unimus.data.schema.tag.TagEntity;
import net.unimus.data.schema.zone.QZoneEntity;
import net.unimus.data.schema.zone.ZoneEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.jpa.repository.support.Querydsl;
import org.springframework.stereotype.Component;
import software.netcore.common.domain.error.data.ErrorMessage;
import software.netcore.common.domain.error.operation.OperationResult;
import software.netcore.unimus.common.domain.UnimusErrorType;
import software.netcore.unimus.persistence.spi.PermissionResolver;

@Component
/* loaded from: input_file:BOOT-INF/lib/unimus-common-persistence-impl-querydsl-3.24.1-STAGE.jar:software/netcore/unimus/persistence/impl/querydsl/PermissionResolverImpl.class */
public class PermissionResolverImpl implements PermissionResolver {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PermissionResolverImpl.class);

    @NonNull
    private final EntityManager em;
    private final SecurityQueryFactory securityQueryFactory = new SecurityQueryFactory();

    @Override // software.netcore.unimus.persistence.spi.PermissionResolver
    public OperationResult<Boolean> canDeleteConnectors(@NonNull Long l, @NonNull List<Long> list) {
        if (l == null) {
            throw new NullPointerException("accountId is marked non-null but is null");
        }
        if (list == null) {
            throw new NullPointerException("connectorGroupIds is marked non-null but is null");
        }
        return !new HashSet((List) this.securityQueryFactory.getConnectorSecurityQuery(new Querydsl(this.em, new PathBuilder(QConnectorConfigGroupEntity.class, QConnectorConfigGroupEntity.connectorConfigGroupEntity.getMetadata())), l).fetch().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toList())).containsAll(list) ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.PERMISSIONS_INSUFFICIENT)) : OperationResult.ofSuccess();
    }

    @Override // software.netcore.unimus.persistence.spi.PermissionResolver
    public OperationResult<Boolean> canDeleteDeviceCredentials(@NonNull Long l, @NonNull List<Identity> list) {
        if (l == null) {
            throw new NullPointerException("accountId is marked non-null but is null");
        }
        if (list == null) {
            throw new NullPointerException("credentialIdentities is marked non-null but is null");
        }
        return !isPresentInAccessible(accessibleCredentialIdentities(l), list) ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.PERMISSIONS_INSUFFICIENT)) : OperationResult.ofSuccess();
    }

    @Override // software.netcore.unimus.persistence.spi.PermissionResolver
    public OperationResult<Boolean> canEditDeviceCredentials(@NonNull Long l, @NonNull Identity identity) {
        if (l == null) {
            throw new NullPointerException("accountId is marked non-null but is null");
        }
        if (identity == null) {
            throw new NullPointerException("credentialIdentity is marked non-null but is null");
        }
        return !isPresentInAccessible(accessibleCredentialIdentities(l), Collections.singletonList(identity)) ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.PERMISSIONS_INSUFFICIENT)) : OperationResult.ofSuccess();
    }

    @Override // software.netcore.unimus.persistence.spi.PermissionResolver
    public OperationResult<Boolean> canEditDeviceCliModeChangePassword(@NonNull Long l, @NonNull Identity identity) {
        if (l == null) {
            throw new NullPointerException("accountId is marked non-null but is null");
        }
        if (identity == null) {
            throw new NullPointerException("identityOfCliPassword is marked non-null but is null");
        }
        return !isPresentInAccessible(accessibleCliModeChangePasswordIdentities(l, identity), Collections.singletonList(identity)) ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.PERMISSIONS_INSUFFICIENT)) : OperationResult.ofSuccess();
    }

    @Override // software.netcore.unimus.persistence.spi.PermissionResolver
    public OperationResult<Boolean> canManageSchedule(@NonNull Long l, @NonNull Identity identity, boolean z) {
        if (l == null) {
            throw new NullPointerException("accountId is marked non-null but is null");
        }
        if (identity == null) {
            throw new NullPointerException("identityOfSchedule is marked non-null but is null");
        }
        QDeviceEntity qDeviceEntity = QDeviceEntity.deviceEntity;
        Querydsl querydsl = new Querydsl(this.em, new PathBuilder(DeviceEntity.class, qDeviceEntity.getMetadata()));
        List<Identity> list = (List) this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.id).fetch().stream().map(Identity::of).collect(Collectors.toList());
        List<Identity> list2 = (List) ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceEntity.id).from(qDeviceEntity).where(qDeviceEntity.schedule.isNotNull().and(qDeviceEntity.schedule.id.eq((NumberPath<Long>) identity.getId())))).fetch().stream().map(Identity::of).collect(Collectors.toList());
        if (!list2.isEmpty() && !isPresentInAccessible(list, list2)) {
            return z ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.SCHEDULED_DEVICE_PERMISSIONS_INSUFFICIENT)) : OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.DEFAULT_SCHEDULE_DEVICE_PERMISSIONS_INSUFFICIENT));
        }
        QZoneEntity qZoneEntity = QZoneEntity.zoneEntity;
        Querydsl querydsl2 = new Querydsl(this.em, new PathBuilder(ZoneEntity.class, qZoneEntity.getMetadata()));
        List<Identity> list3 = (List) this.securityQueryFactory.getZoneSecurityQuery(querydsl2, l).select((Expression) qZoneEntity.id).fetch().stream().map(Identity::of).collect(Collectors.toList());
        QSyncPresetEntity qSyncPresetEntity = QSyncPresetEntity.syncPresetEntity;
        List<T> fetch = ((JPQLQuery) new Querydsl(this.em, new PathBuilder(SyncPresetEntity.class, qSyncPresetEntity.getMetadata())).createQuery().select((Expression) qSyncPresetEntity).from(qSyncPresetEntity).where(qSyncPresetEntity.schedule.id.eq((NumberPath<Long>) identity.getId()))).fetch();
        HashSet hashSet = new HashSet();
        Iterator it = fetch.iterator();
        while (it.hasNext()) {
            hashSet.addAll((Collection) ((SyncPresetEntity) it.next()).getSyncRuleEntities().stream().map(syncRuleEntity -> {
                return syncRuleEntity.getToZone().getId();
            }).collect(Collectors.toSet()));
        }
        List<Identity> list4 = (List) hashSet.stream().map(Identity::of).collect(Collectors.toList());
        if (!list4.isEmpty() && !isPresentInAccessible(list3, list4)) {
            return z ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.SCHEDULED_SYNC_PRESET_PERMISSIONS_INSUFFICIENT)) : OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.DEFAULT_SCHEDULE_SYNC_PRESET_PERMISSIONS_INSUFFICIENT));
        }
        QScanPresetEntity qScanPresetEntity = QScanPresetEntity.scanPresetEntity;
        List<T> fetch2 = ((JPQLQuery) new Querydsl(this.em, new PathBuilder(ScanPresetEntity.class, qScanPresetEntity.getMetadata())).createQuery().select((Expression) qScanPresetEntity).from(qScanPresetEntity).where(qScanPresetEntity.schedule.id.eq((NumberPath<Long>) identity.getId()))).fetch();
        List<T> fetch3 = ((JPQLQuery) this.securityQueryFactory.getZoneSecurityQuery(querydsl2, l).select((Expression) qZoneEntity).from(qZoneEntity).where(qZoneEntity.isDefault.isTrue())).fetch();
        if (!fetch2.isEmpty() && fetch3.isEmpty()) {
            return z ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.SCHEDULED_SCAN_PRESET_PERMISSIONS_INSUFFICIENT)) : OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.DEFAULT_SCHEDULE_SCAN_PRESET_PERMISSIONS_INSUFFICIENT));
        }
        QTagEntity qTagEntity = QTagEntity.tagEntity;
        List<Identity> list5 = (List) this.securityQueryFactory.getTagSecurityQuery(new Querydsl(this.em, new PathBuilder(TagEntity.class, qTagEntity.getMetadata())), l).select((Expression) qTagEntity.id).fetch().stream().map(Identity::of).collect(Collectors.toList());
        QPushPresetEntity qPushPresetEntity = QPushPresetEntity.pushPresetEntity;
        List<T> fetch4 = ((JPQLQuery) new Querydsl(this.em, new PathBuilder(PushPresetEntity.class, qPushPresetEntity.getMetadata())).createQuery().select((Expression) qPushPresetEntity).from(qPushPresetEntity).where(qPushPresetEntity.schedule.id.eq((NumberPath<Long>) identity.getId()))).fetch();
        HashSet hashSet2 = new HashSet();
        Iterator it2 = fetch4.iterator();
        while (it2.hasNext()) {
            hashSet2.addAll((Collection) ((PushPresetEntity) it2.next()).getTagTargets().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        List<Identity> list6 = (List) hashSet2.stream().map(Identity::of).collect(Collectors.toList());
        if (!list6.isEmpty() && !isPresentInAccessible(list5, list6)) {
            return z ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.SCHEDULED_PUSH_PRESET_PERMISSIONS_INSUFFICIENT)) : OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.DEFAULT_SCHEDULE_PUSH_PRESET_PERMISSIONS_INSUFFICIENT));
        }
        HashSet hashSet3 = new HashSet();
        Iterator it3 = fetch4.iterator();
        while (it3.hasNext()) {
            hashSet3.addAll((Collection) ((PushPresetEntity) it3.next()).getDeviceTargets().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        List<Identity> list7 = (List) hashSet3.stream().map(Identity::of).collect(Collectors.toList());
        if (!list7.isEmpty() && !isPresentInAccessible(list, list7)) {
            return z ? OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.SCHEDULED_PUSH_PRESET_PERMISSIONS_INSUFFICIENT)) : OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.DEFAULT_SCHEDULE_PUSH_PRESET_PERMISSIONS_INSUFFICIENT));
        }
        QBackupsRetention qBackupsRetention = QBackupsRetention.backupsRetention;
        BackupsRetention backupsRetention = (BackupsRetention) new Querydsl(this.em, new PathBuilder(BackupsRetention.class, qBackupsRetention.getMetadata())).createQuery().select((Expression) qBackupsRetention).from(qBackupsRetention).fetch().get(0);
        QHistoryJobsRetention qHistoryJobsRetention = QHistoryJobsRetention.historyJobsRetention;
        HistoryJobsRetention historyJobsRetention = (HistoryJobsRetention) new Querydsl(this.em, new PathBuilder(HistoryJobsRetention.class, qHistoryJobsRetention.getMetadata())).createQuery().select((Expression) qHistoryJobsRetention).from(qHistoryJobsRetention).fetch().get(0);
        QPushRetention qPushRetention = QPushRetention.pushRetention;
        return (z || !(backupsRetention.isEnabled() || historyJobsRetention.isEnabled() || ((PushRetention) new Querydsl(this.em, new PathBuilder(PushRetention.class, qPushRetention.getMetadata())).createQuery().select((Expression) qPushRetention).from(qPushRetention).fetch().get(0)).isEnabled()) || isPresentInAccessible((List) this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.id).fetch().stream().map(Identity::of).collect(Collectors.toList()), (List) querydsl.createQuery().select((Expression) qDeviceEntity.id).from(qDeviceEntity).fetch().stream().map(Identity::of).collect(Collectors.toList()))) ? OperationResult.ofSuccess(true) : OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.DEFAULT_SCHEDULE_RETENTIONS_PERMISSIONS_INSUFFICIENT));
    }

    private List<Identity> accessibleCliModeChangePasswordIdentities(Long l, Identity identity) {
        Querydsl querydsl = new Querydsl(this.em, new PathBuilder(QDeviceEntity.class, QDeviceEntity.deviceEntity.getMetadata()));
        QDeviceEntity qDeviceEntity = QDeviceEntity.deviceEntity;
        QCliModeChangePasswordEntity qCliModeChangePasswordEntity = QCliModeChangePasswordEntity.cliModeChangePasswordEntity;
        QDeviceConnectionEntity qDeviceConnectionEntity = QDeviceConnectionEntity.deviceConnectionEntity;
        List<Identity> list = (List) ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceEntity.boundConfigurePassword).from(qDeviceEntity).where(Expressions.allOf(qDeviceEntity.boundConfigurePassword.isNotNull(), qDeviceEntity.uuid.notIn((SubQueryExpression) this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.uuid).where(qDeviceEntity.boundConfigurePassword.isNotNull()))))).fetch().stream().map(cliModeChangePasswordEntity -> {
            return Identity.of(cliModeChangePasswordEntity.getId(), cliModeChangePasswordEntity.getUuid());
        }).collect(Collectors.toList());
        List<Identity> list2 = (List) ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceEntity.boundEnablePassword).from(qDeviceEntity).where(Expressions.allOf(qDeviceEntity.boundEnablePassword.isNotNull(), qDeviceEntity.uuid.notIn((SubQueryExpression) this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.uuid).where(qDeviceEntity.boundEnablePassword.isNotNull()))))).fetch().stream().map(cliModeChangePasswordEntity2 -> {
            return Identity.of(cliModeChangePasswordEntity2.getId(), cliModeChangePasswordEntity2.getUuid());
        }).collect(Collectors.toList());
        List<T> fetch = ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceConnectionEntity).from(qDeviceConnectionEntity).leftJoin(qDeviceConnectionEntity.enablePassword, QCliModeChangePasswordEntity.cliModeChangePasswordEntity).leftJoin(qDeviceConnectionEntity.configurePassword, QCliModeChangePasswordEntity.cliModeChangePasswordEntity).where(Expressions.allOf(Expressions.anyOf(RepositoryUtils.toInPredicate(Collections.singleton(identity), qDeviceConnectionEntity.enablePassword.id, qDeviceConnectionEntity.enablePassword.uuid), RepositoryUtils.toInPredicate(Collections.singleton(identity), qDeviceConnectionEntity.configurePassword.id, qDeviceConnectionEntity.configurePassword.uuid)), qDeviceConnectionEntity.device.id.notIn(this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.id))))).fetch();
        List<Identity> removeIdentityInList = removeIdentityInList(removeIdentityInList((List) querydsl.createQuery().select((Expression) qCliModeChangePasswordEntity).from(qCliModeChangePasswordEntity).fetch().stream().map(cliModeChangePasswordEntity3 -> {
            return Identity.of(cliModeChangePasswordEntity3.getId(), cliModeChangePasswordEntity3.getUuid());
        }).collect(Collectors.toList()), list), list2);
        ArrayList arrayList = new ArrayList(removeIdentityInList);
        for (T t : fetch) {
            if (t.getEnablePassword() != null) {
                removeIdentityInList = removeIdentityInList(arrayList, Collections.singletonList(Identity.of(t.getEnablePassword().getId(), t.getEnablePassword().getUuid())));
            }
            if (t.getConfigurePassword() != null) {
                removeIdentityInList = removeIdentityInList(arrayList, Collections.singletonList(Identity.of(t.getConfigurePassword().getId(), t.getConfigurePassword().getUuid())));
            }
        }
        return removeIdentityInList;
    }

    private List<Identity> accessibleCredentialIdentities(@NonNull Long l) {
        if (l == null) {
            throw new NullPointerException("accountId is marked non-null but is null");
        }
        Querydsl querydsl = new Querydsl(this.em, new PathBuilder(QDeviceEntity.class, QDeviceEntity.deviceEntity.getMetadata()));
        QDeviceEntity qDeviceEntity = QDeviceEntity.deviceEntity;
        QDeviceCredentialUsageEntity qDeviceCredentialUsageEntity = QDeviceCredentialUsageEntity.deviceCredentialUsageEntity;
        Collection<?> fetch = ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceEntity.boundDeviceCredential.id).from(qDeviceEntity).where(Expressions.allOf(qDeviceEntity.boundDeviceCredential.isNotNull(), qDeviceEntity.uuid.notIn((SubQueryExpression) this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.uuid).where(qDeviceEntity.boundDeviceCredential.isNotNull()))))).fetch();
        Collection<?> fetch2 = ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceCredentialUsageEntity.deviceCredential.id).from(qDeviceCredentialUsageEntity).where(qDeviceCredentialUsageEntity.device.uuid.notIn((SubQueryExpression) this.securityQueryFactory.getDeviceSecurityQuery(querydsl, l).select((Expression) qDeviceEntity.uuid)))).fetch();
        QDeviceCredentialEntity qDeviceCredentialEntity = QDeviceCredentialEntity.deviceCredentialEntity;
        List<T> fetch3 = querydsl.createQuery().select((Expression) qDeviceCredentialEntity.id).from(qDeviceCredentialEntity).fetch();
        fetch3.removeAll(fetch);
        fetch3.removeAll(fetch2);
        return (List) ((JPQLQuery) querydsl.createQuery().select((Expression) qDeviceCredentialEntity).from(qDeviceCredentialEntity).where(qDeviceCredentialEntity.id.in(fetch3))).fetch().stream().map(deviceCredentialEntity -> {
            return Identity.of(deviceCredentialEntity.getId(), deviceCredentialEntity.getUuid());
        }).collect(Collectors.toList());
    }

    private boolean isPresentInAccessible(@NonNull List<Identity> list, @NonNull List<Identity> list2) {
        if (list == null) {
            throw new NullPointerException("accessibleIdentities is marked non-null but is null");
        }
        if (list2 == null) {
            throw new NullPointerException("identitiesToManage is marked non-null but is null");
        }
        Set set = (Set) list.stream().map((v0) -> {
            return v0.getUuid();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Set set2 = (Set) list.stream().map((v0) -> {
            return v0.getId();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Set set3 = (Set) list2.stream().map((v0) -> {
            return v0.getUuid();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Set set4 = (Set) list2.stream().map((v0) -> {
            return v0.getId();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        if (set4.size() != set3.size()) {
            return (set4.isEmpty() || set4.size() <= set3.size()) ? set.containsAll(set3) : set2.containsAll(set4);
        }
        if (!set4.isEmpty()) {
            return set2.containsAll(set4);
        }
        if (set3.isEmpty()) {
            return false;
        }
        return set.containsAll(set3);
    }

    private List<Identity> removeIdentityInList(@NonNull List<Identity> list, @NonNull List<Identity> list2) {
        if (list == null) {
            throw new NullPointerException("allIdentities is marked non-null but is null");
        }
        if (list2 == null) {
            throw new NullPointerException("removeIdentities is marked non-null but is null");
        }
        Set set = (Set) list.stream().map((v0) -> {
            return v0.getUuid();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Set set2 = (Set) list.stream().map((v0) -> {
            return v0.getId();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Set set3 = (Set) list2.stream().map((v0) -> {
            return v0.getUuid();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        Set set4 = (Set) list2.stream().map((v0) -> {
            return v0.getId();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
        if (set4.size() == set3.size()) {
            if (!set4.isEmpty()) {
                set2.removeAll(set4);
            } else if (!set3.isEmpty()) {
                set.removeAll(set3);
            }
        } else if (set4.isEmpty() || set4.size() <= set3.size()) {
            set.removeAll(set3);
        } else {
            set2.removeAll(set4);
        }
        return (List) IntStream.range(0, Math.min(set.size(), set2.size())).mapToObj(i -> {
            return Identity.of(((Long[]) set2.toArray(new Long[0]))[i], ((String[]) set.toArray(new String[0]))[i]);
        }).collect(Collectors.toList());
    }

    public PermissionResolverImpl(@NonNull EntityManager entityManager) {
        if (entityManager == null) {
            throw new NullPointerException("em is marked non-null but is null");
        }
        this.em = entityManager;
    }
}
